A major data leak has unveiled the operations of the ransomware group LockBit, showcasing their organized and professional negotiation strategies with victims. Analysis from the security firm Defenced of thousands of chat logs reveals that LockBit employs a customer-friendly tone, often providing discounts on ransom amounts. Their operations follow a Ransomware-as-a-Service model, subcontracting attacks to partners while a central 'boss' makes crucial decisions. The chats also indicate a keen interest in cyber insurance claims, with notable exemptions made for Russian targets. This structured approach highlights the calculated nature of LockBit's criminal enterprise.
A major data leak has exposed the ransomware group LockBit, revealing a structured and businesslike approach to their operations through negotiations with victims.
Analysis of 208 conversations showed payments were made in 18 cases, with verified payments totaling over $348,000, highlighting the operational structure of LockBit.
LockBit operates as a Ransomware-as-a-Service model, with subcontracted partners handling attacks and referencing a central 'boss' responsible for ransom decisions and decryption tools.
The chat data reveals that LockBit targets victims with cyber insurance but exempts Russian individuals, implying a calculated operational strategy and possible affiliations.
Collection
[
|
...
]